Some more updates

Author: cstamas

.github/workflows/maven.yml

@@ -23,6 +23,8 @@ jobs:
   build:
     name: Build it
     uses: codehaus-plexus/.github/.github/workflows/maven.yml@master
+    with:
+      jdk-matrix: '[ "23", "21", "17" ]'
 
   deploy:
     name: Deploy

pom.xml

@@ -33,10 +33,17 @@
   </distributionManagement>
 
   <properties>
+    <javaVersion>17</javaVersion>
     <project.build.outputTimestamp>2023-05-22T22:22:22Z</project.build.outputTimestamp>
   </properties>
 
   <dependencies>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-cipher</artifactId>
+      <version>3.0.0-SNAPSHOT</version>
+    </dependency>
+
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-xml</artifactId>
@@ -47,17 +54,20 @@
       <artifactId>plexus-utils</artifactId>
       <version>4.0.2</version>
     </dependency>
-    <dependency>
-      <groupId>org.codehaus.plexus</groupId>
-      <artifactId>plexus-cipher</artifactId>
-      <version>3.0.0-SNAPSHOT</version>
-    </dependency>
 
     <dependency>
       <groupId>javax.inject</groupId>
       <artifactId>javax.inject</artifactId>
       <version>1</version>
+      <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.inject</artifactId>
+      <version>${sisuMavenPluginVersion}</version>
+      <scope>provided</scope>
+    </dependency>
+
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter</artifactId>

src/main/java/org/sonatype/plexus/components/sec/dispatcher/SecDispatcher.java renamed to src/main/java/org/codehaus/plexus/components/secdispatcher/SecDispatcher.java

@@ -11,18 +11,14 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-package org.sonatype.plexus.components.sec.dispatcher;
+package org.codehaus.plexus.components.secdispatcher;
 
 /**
  * This component decrypts a string, passed to it
  *
  * @author Oleg Gusakov
  */
 public interface SecDispatcher {
-    String[] SYSTEM_PROPERTY_MASTER_PASSWORD = new String[] {"settings.master.password", "settings-master-password"};
-
-    String[] SYSTEM_PROPERTY_SERVER_PASSWORD = new String[] {"settings.server.password", "settings-server-password"};
-
     /**
      * decrypt given encrypted string
      *

src/main/java/org/sonatype/plexus/components/sec/dispatcher/SecDispatcherException.java renamed to src/main/java/org/codehaus/plexus/components/secdispatcher/SecDispatcherException.java

@@ -11,12 +11,13 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-package org.sonatype.plexus.components.sec.dispatcher;
+package org.codehaus.plexus.components.secdispatcher;
 
 public class SecDispatcherException extends RuntimeException {
     public SecDispatcherException(String message) {
         super(message);
     }
+
     public SecDispatcherException(String message, Throwable cause) {
         super(message, cause);
     }

src/main/java/org/sonatype/plexus/components/sec/dispatcher/DefaultSecDispatcher.java renamed to src/main/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcher.java

@@ -11,69 +11,59 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-package org.sonatype.plexus.components.sec.dispatcher;
+package org.codehaus.plexus.components.secdispatcher.internal;
 
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
 
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.StringTokenizer;
 
-import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
-import org.sonatype.plexus.components.cipher.PlexusCipher;
-import org.sonatype.plexus.components.cipher.PlexusCipherException;
-import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity;
+import org.codehaus.plexus.components.cipher.PlexusCipher;
+import org.codehaus.plexus.components.cipher.PlexusCipherException;
+import org.codehaus.plexus.components.cipher.internal.DefaultPlexusCipher;
+import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
+import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
+import org.codehaus.plexus.components.secdispatcher.model.SettingsSecurity;
+
+import static java.util.Objects.requireNonNull;
 
 /**
  * @author Oleg Gusakov
  */
 @Singleton
 @Named
 public class DefaultSecDispatcher implements SecDispatcher {
-    private static final String DEFAULT_CONFIGURATION = "~/.settings-security.xml";
+    public static final String DEFAULT_CONFIGURATION = "~/.m2/settings-security.xml";
 
     public static final String SYSTEM_PROPERTY_SEC_LOCATION = "settings.security";
 
     public static final String TYPE_ATTR = "type";
-
     public static final char ATTR_START = '[';
-
     public static final char ATTR_STOP = ']';
 
-    /**
-     * DefaultHandler
-     */
-    protected final PlexusCipher _cipher;
-
-    /**
-     * All available dispatchers
-     */
-    protected final Map<String, PasswordDecryptor> _decryptors;
-
-    /**
-     * Configuration file
-     */
-    protected String _configurationFile;
+    protected final PlexusCipher cipher;
+    protected final Map<String, MasterPasswordSource> masterPasswordSources;
+    protected final Map<String, PasswordDecryptor> decryptors;
+    protected String configurationFile;
 
     @Inject
     public DefaultSecDispatcher(
-            final PlexusCipher _cipher,
-            final Map<String, PasswordDecryptor> _decryptors,
-            @Named("${_configurationFile:-" + DEFAULT_CONFIGURATION + "}") final String _configurationFile) {
-        this._cipher = _cipher;
-        this._decryptors = _decryptors;
-        this._configurationFile = _configurationFile;
-    }
-
-    /**
-     * Ctor to be used in tests and other simplified cases (no decryptors and config).
-     */
-    public DefaultSecDispatcher(final PlexusCipher _cipher) {
-        this(_cipher, new HashMap<>(), DEFAULT_CONFIGURATION);
+            PlexusCipher cipher,
+            Map<String, MasterPasswordSource> masterPasswordSources,
+            Map<String, PasswordDecryptor> decryptors,
+            @Named("${configurationFile:-" + DEFAULT_CONFIGURATION + "}") final String configurationFile) {
+        this.cipher = cipher;
+        this.masterPasswordSources = masterPasswordSources;
+        this.decryptors = decryptors;
+        this.configurationFile = configurationFile;
     }
 
     // ---------------------------------------------------------------
@@ -85,7 +75,7 @@ public String decrypt(String str) throws SecDispatcherException {
         String bare;
 
         try {
-            bare = _cipher.unDecorate(str);
+            bare = cipher.unDecorate(str);
 
             Map<String, String> attr = stripAttributes(bare);
 
@@ -96,17 +86,17 @@ public String decrypt(String str) throws SecDispatcherException {
             if (attr == null || attr.get("type") == null) {
                 String master = getMaster(sec);
 
-                res = _cipher.decrypt(bare, master);
+                res = cipher.decrypt(bare, master);
             } else {
                 String type = attr.get(TYPE_ATTR);
 
-                if (_decryptors == null)
+                if (decryptors == null)
                     throw new SecDispatcherException(
                             "plexus container did not supply any required dispatchers - cannot lookup " + type);
 
                 Map<String, String> conf = SecUtil.getConfig(sec, type);
 
-                PasswordDecryptor dispatcher = _decryptors.get(type);
+                PasswordDecryptor dispatcher = decryptors.get(type);
 
                 if (dispatcher == null) throw new SecDispatcherException("no dispatcher for hint " + type);
 
@@ -141,7 +131,7 @@ private Map<String, String> stripAttributes(String str) {
 
             Map<String, String> res = null;
 
-            StringTokenizer st = new StringTokenizer(attrs, ", ");
+            StringTokenizer st = new StringTokenizer(attrs, ",");
 
             while (st.hasMoreTokens()) {
                 if (res == null) res = new HashMap<>(st.countTokens());
@@ -170,7 +160,7 @@ private Map<String, String> stripAttributes(String str) {
     private boolean isEncryptedString(String str) {
         if (str == null) return false;
 
-        return _cipher.isEncryptedString(str);
+        return cipher.isEncryptedString(str);
     }
 
     // ----------------------------------------------------------------------------
@@ -192,23 +182,25 @@ private SettingsSecurity getSec() throws SecDispatcherException {
     // ----------------------------------------------------------------------------
 
     private String getMaster(SettingsSecurity sec) throws SecDispatcherException {
-        String master = sec.getMaster();
-
-        if (master == null) throw new SecDispatcherException("master password is not set");
-
+        String masterSource = requireNonNull(sec.getMasterSource(), "masterSource is null");
         try {
-            return _cipher.decryptDecorated(master, SYSTEM_PROPERTY_SEC_LOCATION);
-        } catch (PlexusCipherException e) {
-            throw new SecDispatcherException(e.getMessage(), e);
+            URI masterSourceUri = new URI(masterSource);
+            for (MasterPasswordSource masterPasswordSource : masterPasswordSources.values()) {
+                String master = masterPasswordSource.handle(masterSourceUri);
+                if (master != null) return master;
+            }
+        } catch (URISyntaxException e) {
+            throw new SecDispatcherException("Invalid master source URI", e);
         }
+        throw new SecDispatcherException("master password could not be fetched");
     }
     // ---------------------------------------------------------------
     public String getConfigurationFile() {
-        return _configurationFile;
+        return configurationFile;
     }
 
     public void setConfigurationFile(String file) {
-        _configurationFile = file;
+        configurationFile = file;
     }
 
     // ---------------------------------------------------------------
@@ -241,6 +233,12 @@ private static void usage() {
 
     // ---------------------------------------------------------------
 
+    private static final String[] SYSTEM_PROPERTY_MASTER_PASSWORD =
+            new String[] {"settings.master.password", "settings-master-password"};
+
+    private static final String[] SYSTEM_PROPERTY_SERVER_PASSWORD =
+            new String[] {"settings.server.password", "settings-server-password"};
+
     public static void main(String[] args) throws Exception {
         if (args == null || args.length < 1) {
             usage();
@@ -267,7 +265,8 @@ private static void show(boolean showMaster) throws Exception {
         System.out.println("\n");
 
         DefaultPlexusCipher dc = new DefaultPlexusCipher();
-        DefaultSecDispatcher dd = new DefaultSecDispatcher(dc);
+        DefaultSecDispatcher dd =
+                new DefaultSecDispatcher(dc, Collections.emptyMap(), Collections.emptyMap(), DEFAULT_CONFIGURATION);
 
         if (showMaster)
             System.out.println(dc.encryptAndDecorate(pass, DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION));

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/MasterPasswordSource.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
+ *
+ * This program is licensed to you under the Apache License Version 2.0,
+ * and you may not use this file except in compliance with the Apache License Version 2.0.
+ * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the Apache License Version 2.0 is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+ */
+
+package org.codehaus.plexus.components.secdispatcher.internal;
+
+import java.net.URI;
+
+import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
+
+/**
+ * Source of master password.
+ */
+public interface MasterPasswordSource {
+    /**
+     * Handles the URI to get master password. Implementation may do one of the following things:
+     * <ul>
+     *     <li>if the URI cannot be handled by given source, return {@code null}</li>
+     *     <li>if master password retrieval was attempted, but failed throw {@link SecDispatcherException}</li>
+     *     <li>happy path: return the master password.</li>
+     * </ul>
+     */
+    String handle(URI uri) throws SecDispatcherException;
+}

src/main/java/org/sonatype/plexus/components/sec/dispatcher/PasswordDecryptor.java renamed to src/main/java/org/codehaus/plexus/components/secdispatcher/internal/PasswordDecryptor.java

@@ -11,10 +11,12 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-package org.sonatype.plexus.components.sec.dispatcher;
+package org.codehaus.plexus.components.secdispatcher.internal;
 
 import java.util.Map;
 
+import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
+
 /**
  *
  *
@@ -33,5 +35,6 @@ public interface PasswordDecryptor {
      *
      * @throws SecDispatcherException
      */
-    String decrypt(String str, Map<String, String> attributes, Map<String, String> config) throws SecDispatcherException;
+    String decrypt(String str, Map<String, String> attributes, Map<String, String> config)
+            throws SecDispatcherException;
 }

src/main/java/org/sonatype/plexus/components/sec/dispatcher/SecUtil.java renamed to src/main/java/org/codehaus/plexus/components/secdispatcher/internal/SecUtil.java

@@ -11,7 +11,7 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-package org.sonatype.plexus.components.sec.dispatcher;
+package org.codehaus.plexus.components.secdispatcher.internal;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -22,10 +22,11 @@
 import java.util.List;
 import java.util.Map;
 
-import org.sonatype.plexus.components.sec.dispatcher.model.Config;
-import org.sonatype.plexus.components.sec.dispatcher.model.ConfigProperty;
-import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity;
-import org.sonatype.plexus.components.sec.dispatcher.model.io.xpp3.SecurityConfigurationXpp3Reader;
+import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
+import org.codehaus.plexus.components.secdispatcher.model.Config;
+import org.codehaus.plexus.components.secdispatcher.model.ConfigProperty;
+import org.codehaus.plexus.components.secdispatcher.model.SettingsSecurity;
+import org.codehaus.plexus.components.secdispatcher.model.io.xpp3.SecurityConfigurationXpp3Reader;
 
 /**
  *